hxxps://54evuwhv[.]forms[.]app/solicitud-informe-reclamos-internacionales-midinero-

Analysis

max time kernel
120s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240226-es
resource tags

arch:x64arch:x86image:win10v2004-20240226-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
08/03/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://54evuwhv.forms.app/solicitud-informe-reclamos-internacionales-midinero-

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543955119114413"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 2856	3192	chrome.exe	87
PID 3192 wrote to memory of 2856	3192	chrome.exe	87
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 2484	3192	chrome.exe	89
PID 3192 wrote to memory of 4572	3192	chrome.exe	90
PID 3192 wrote to memory of 4572	3192	chrome.exe	90
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91
PID 3192 wrote to memory of 2764	3192	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://54evuwhv.forms.app/solicitud-informe-reclamos-internacionales-midinero-
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9ee79758,0x7ffc9ee79768,0x7ffc9ee79778
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:2
  2⤵
  PID:2484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4596 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 --field-trial-handle=1992,i,12704891734616887164,6706839954777516676,131072 /prefetch:8
  2⤵
  PID:4632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e5e265f4d86db4230c3288fc655f3e9

SHA1
3d6305e422fea5ecb3d2aa36ebbbfca45a0fc37a

SHA256
bab2f6edb6f33ca07b8ca47a56c946e1a1e3d9919e29593bb0836dbf3fc6b21f

SHA512
8b0c017102c4761096d1b146c4da4c9933b2bfbc2b92eb5d05577c55a5524ebe16bebe3721c8096904fb11a8a97db09c3c1b97ed0bf98b4395622884a6ecac48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
eb128fc2e0f8f6a42dd6f37ad246f5c5

SHA1
178f1db5b7a7cee5c0ed3afe0a286768106ee14f

SHA256
9010b492911d00cdac8a08966d8c136d5e1d2f8deb466e5cfeb9f502fbe68035

SHA512
2721ea5cc40f1ec0429de022cdd0b18b8c0b33476908f962705a2ec25df8b7e7487caf106ede131ed59f79b395251a90411f87c9efa9ad1e62d3d1f90e687f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d59f3a3497170e3261144917677c8ae

SHA1
9ba717e4e9d397a5a41d0e8fa30f5c890c3202c0

SHA256
b8c4749fff047b6a98023f41f6c4ca59957d225a33d378814e314f69221b17d9

SHA512
78b90612d14e1d55d222e9c0968c2f987470af4e0faff4d994f9aca532bafed8922fbac5c07c4f18c734620848f83acba6e5a4e3fddb56620ea5a3f93b3a8e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e1fa148675d35378df9b9d6fc8d3c25b

SHA1
4cb04d4052e2d72374593c2d8bac81bad3d93b39

SHA256
143fb9ef981c3f64fd079b889b7a381b6571f44555d51057ea9439dd7cd7aa28

SHA512
03e2e7c294b9051b4780a8a3850d2e76b0eda7a7542fbf7e7ad17d7f6d90501a175b7720577859f12d32f58f13ca1e0fa25498f38d98167786b639fa34f104b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e044881e-9d20-489c-934c-9a6d248755e1.tmp

Filesize
6KB

MD5
c27fca3c1cf13e2c2a19fb7cd016946b

SHA1
c7c01dd788886616eddb1f1f69df4877fcd71e6f

SHA256
8a2c58c0192c2e528723c02778c5e85f92fd861ad0c7cee0ab825e1dabb00a09

SHA512
43a3d02c0a20936b37ee32df899cee63b011df1a5e1de6eef7d8736a43caaae607a3ecc64a80c44f95217d4f9c666fb59c60e19d78e3158559ed70581da7b57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
bdd3822e8e25e01ee64031f5afa25339

SHA1
b667c5315f63548beb138d7b8548df4ad436d1d0

SHA256
34843b01e15fee6a4d38d3916210c2218b47d115e9c8bbc8394545275600e7ae

SHA512
bc03319e938dc5117439c968253c8da2e94f7b54cbd5fb56f65f346732b1e80c82a89a8353e76e85d6ee13cc72d404f557d1f6067c7925489299d60c5d16216a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit